This malware can find a way to your iPhone through your Windows PC

by Jay Jay, 3/18/2016 10:58:47 AM

'AceDeceiver' is the latest malware to employ a new technique to enter your iPhone. The malware masquerades as an app and can only enter your iPhone if you install it on your Windows PC or laptop first.

The app was identified by Palo Alto Networks and has since been removed from Apple's App Store, though risks still remain.

The hackers behind the app have also created a Windows program named Aisi Helper, which offers services for iOS users such as jailbreaking, device management, system cleaning and backup.

Normally, you can download an iOS app to your Windows PC using iTunes and then install the app on your iPhone from your computer. Each time you install the app on your iPhone, your iPhone will request an authorisation code to confirm that what you are installing is a genuine app.

The hackers in question have created a Windows program that simulates iTunes and makes your iPhone believe that it is accepting a genuine iOS app. As for the authorisation code, the hackers steal such codes after buying other apps from Apple's App Store and then feed the code to your iPhone.

Known as the “FairPlay Man-In-The-Middle (MITM)” technique, "attackers purchase an app from App Store then intercept and save the authorization code. They then developed PC software that simulates the iTunes client behaviors, and tricks iOS devices to believe the app was purchased by victim. Therefore, the user can install apps they never actually paid for, and the creator of the software can install potentially malicious apps without the user’s knowledge," said Palo Alto Networks.

The research firm adds that three types of AceDeceiver apps were installed in the App Store since July 2015 and they had bypassed Apple’s code review at least seven times. Even though Apple has now removed the apps from its App Store, future attacks may still take place as the technique used by the hackers required the apps to be present in the App Store only once and because hackers can steal more authorisation codes to prove that they are genuine.

In June last year, researchers exposed several weaknesses in Apple's cross-app resource sharing design and communication mechanisms in both iOS and OS X platforms, which any hacker could take advantage of and bypass security checks in the App Store to steal passwords from installed apps. Hackers could also steal sensitive information present inside the iOS and OS X ecosystems like iCloud tokens and passwords, mail app passwords and passwords stored by Google Chrome.

Shortly afterwards, a security firm named FireEye claimed that a malware named "Manifest Masque" had the potential to invade platforms that use third party application stores. Its critical impact is multiplied by another malware named "Extension Masque" which impacts an iPhone's or iPad's ability to protect its applications. According to FireEye, these two malware can "kill, replace or tamper with apps" that can seriously compromise personal information of users like GPS location, call logs or contacts.

Yet another malware named "Plugin Masque" kills off a device's ability to create a secure VPN, leaving it open to hackers without any form of protection.

Then in September, a vicious cyber-attack on Apple's Chinese App Store endangered iOS users again. As per security firm Palo Alto, around 39 iOS apps were infected by the latest cyber-attack. Some of these were the extremely popular WeChat, Didi Chuxing cab-hiring app, the official Railway 12306 app, Tonghuashun stock trading app and China Unicom Mobile Office app.